Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-10497

Track (flow) conversations by application instead of src/dst port

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 24.0.0
    • Component/s: None
    • Security Level: Default (Default Security Scheme)
    • Labels:
      None
    • Sprint:
      Horizon - December 5th 2018, Horizon - December 12th 2018, Horizon - December 19th 2018, Horizon - January 9th 2019, Horizon - January 23rd 2019, Horizon - January 30th 2019

      Description

      When doing flow processing we currently track conversation by the (location, protocol, host1, port1, host2, port2) tuple, where these hosts and ports are ordered in such a way that flows going in both directions use the same key.

      This ends up effectivly tracking TCP (or UDP) sessions, which are relatively short lived. We would like to the modify the tracking to use the tagged application instead of the ports, resulting in a tuple like (location, protocol, host1, host2, application) instead.

        Attachments

          Activity

            People

            • Assignee:
              fooker Dustin Frisch
              Reporter:
              j-white Jesse White
            • Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: